Monitoring systems and methods

ABSTRACT

A processor may process a video feed of a monitored area. The processing may include attempting to decrypt the video feed using a temporally-varying digital rights management key in a state corresponding to a time at which the encrypted video feed was received and encountering a decryption error during the attempting. The processing may include comparing the video feed with an output feed from a secondary sensor to determine that at least one object is indicated in the monitored area by the output feed and not visible in the video feed. The processor may indicate a problem with the video feed. For example, the processor may indicate that the encrypted video feed has been altered prior to the receiving of the encrypted video feed due to the decryption error and/or that the video camera is malfunctioning due to the at least one object being not visible in the video feed.

BACKGROUND

Sensors, such as cameras, may be used to monitor areas. For example,security cameras are often used to monitor secured areas, such as banksor areas around ATMs. Some individuals attempt to thwart such monitoringto avoid being detected in the secured area. For example, individualscan tamper with cameras to cause them to record a feed of a still imagerather than of the area being monitored. In another example, individualscan tamper with data feeds from cameras to substitute loops of falsefootage for the real footage being captured and sent by the camera overa network.

SUMMARY OF THE DISCLOSURE

A monitoring system may include a video camera configured to generate avideo feed of a monitored area, a secondary sensor configured togenerate an output feed of the monitored area, a processor incommunication with the video camera and the secondary sensor, and anon-transitory memory in communication with the processor. The memorymay be configured to store instructions that, when executed by theprocessor, cause the processor to perform processing. The processing mayinclude analyzing the output feed to determine that at least one objectis present in the monitored area, analyzing the video feed to determinethat the at least one object is not visible in the video feed, andindicating that the video camera is malfunctioning due to the at leastone object being not visible in the video feed.

In some embodiments, the analyzing of the output feed may includegenerating a map of the secured area based on data in the output feed.The map may include at least one curvature in at least one portion ofthe map. The analyzing may include comparing the map of the secured areato a known empty map of the monitored area and detecting the at leastone object based on the at one curvature being different from a knowncurvature in at least one portion of the known empty map correspondingto a same portion of the monitored area as the at least one portion ofthe map.

In some embodiments, the analyzing of the output feed may includegenerating a map of the secured area based on data in the output feed.The map may include at least one curvature in at least one portion ofthe map. The analyzing may include comparing the map of the secured areato a known empty map of the monitored area and detecting the at leastone object based on the at one curvature being not present in at leastone portion of the known empty map corresponding to a same portion ofthe monitored area as the at least one portion of the map.

In some embodiments, the analyzing of the output feed may includegenerating a map of the monitored area based on data in the output feed.The map may indicate the at least one object in at least one portion ofthe map. The analyzing of the video feed may include comparing the videofeed to the map to determine that the at least one object is not visiblein at least one portion of the video feed corresponding to a sameportion of the monitored area as the at least one portion of the map.

In some embodiments, the system may include at least one transceiver incommunication with the processor and configured to receive a signal froman external device indicating a position of the external device withinthe monitored area. The analyzing of the video feed may includedetermining that the external device is not visible in a portion of thevideo feed corresponding to a same portion of the monitored area as theposition of the external device.

In some embodiments, the system may include at least one transceiver incommunication with the processor and configured to receive a digitalrights management key that changes over time. The processing may includeencrypting the video feed using the digital rights management key andtransmitting, by the at least one transceiver, the encrypted video feedto at least one playback device.

In some embodiments, the secondary sensor may include at least one of atransceiver, a radar sensor, a sonar sensor, and a lidar sensor.

In some embodiments, the analyzing of the video feed may include using aconvolutional neural network to identify features within the monitoredarea that are visible in the video feed.

A fraud detection system may include a monitoring system and a playbacksystem. The monitoring system may include a video camera configured togenerate a video feed of a monitored area, a monitoring processor incommunication with the video camera, a monitoring transceiver incommunication with the monitoring processor, and a non-transitorymonitoring memory in communication with the monitoring processor. Themonitoring memory may be configured to store instructions that, whenexecuted by the monitoring processor, cause the monitoring processor toperform processing. The processing may include receiving, by themonitoring transceiver, a digital rights management key that changesover time, encrypting the video feed using the digital rights managementkey, and transmitting, by the monitoring transceiver, the encryptedvideo feed. The playback system may include a playback processor, aplayback transceiver in communication with the playback processor, and anon-transitory playback memory in communication with the playbackprocessor. The playback memory may be configured to store instructionsthat, when executed by the playback processor, cause the playbackprocessor to perform processing. The processing may include receiving,by the playback transceiver, the encrypted video feed, receiving, by theplayback transceiver, the digital rights management key in a statecorresponding to a time at which the encrypted video feed was received,attempting to decrypt the encrypted video feed using the digital rightsmanagement key received by the playback transceiver, encountering adecryption error during the attempting, and indicating that theencrypted video feed has been altered between the transmitting of theencrypted video feed and the receiving of the encrypted video feed dueto the decryption error.

In some embodiments, the receiving by the monitoring transceiver mayinclude receiving a plurality of new digital rights management keys overtime. One of the digital rights management keys may be valid at a giventime. The encrypting may include, at the given time, using the digitalrights management key that is valid.

In some embodiments, the digital rights management key may be providedby a digital rights management server separate from the monitoringsystem and the playback system.

A method of detecting video feed problems may include receiving, at aprocessor, a video feed of a monitored area. The method may includeperforming processing, by the processor, on the video feed. Theprocessing may include at least one of attempting to decrypt the videofeed using a temporally-varying digital rights management key in a statecorresponding to a time at which the encrypted video feed was receivedand encountering a decryption error during the attempting, and comparingthe video feed with an output feed from a secondary sensor to determinethat at least one object is indicated in the monitored area by theoutput feed and not visible in the video feed. The method may includeindicating, by the processor, a problem with the video feed. Theindicating may include at least one of indicating that the encryptedvideo feed has been altered prior to the receiving of the encryptedvideo feed due to the decryption error, and indicating that the videocamera is malfunctioning due to the at least one object being notvisible in the video feed.

In some embodiments, the method may include receiving, at the processor,the temporally-varying digital rights management key from a digitalrights management server.

In some embodiments, the method may include receiving, at the processor,the output feed. The method may include analyzing, by the processor, theoutput feed to determine that the at least one object is present in themonitored area.

In some embodiments, the analyzing may include generating a map of thesecured area based on data in the output feed. The map may include atleast one curvature in at least one portion of the map. The analyzingmay include comparing the map of the secured area to a known empty mapof the monitored area. The analyzing may include detecting the at leastone object based on the at one curvature being different from a knowncurvature in at least one portion of the known empty map correspondingto a same portion of the monitored area as the at least one portion ofthe map.

In some embodiments, the analyzing may include generating a map of thesecured area based on data in the output feed. The map may include atleast one curvature in at least one portion of the map. The analyzingmay include comparing the map of the secured area to a known empty mapof the monitored area. The analyzing may include detecting the at leastone object based on the at one curvature being not present in at leastone portion of the known empty map corresponding to a same portion ofthe monitored area as the at least one portion of the map.

In some embodiments, the method may include receiving, at the processor,a signal from an external device indicating a position of the externaldevice within the monitored area. The method may include determiningthat the external device is not visible in a portion of the video feedcorresponding to a same portion of the monitored area as the position ofthe external device.

In some embodiments, the method may include using a convolutional neuralnetwork to identify features within the monitored area that are visiblein the video feed.

In some embodiments, the method may include analyzing the output feed togenerate a map of the monitored area based on data in the output feed.The map may indicate the at least one object in at least one portion ofthe map. The comparing may include comparing the identified featureswith the map.

In some embodiments, the secondary sensor may include at least one of aradar sensor, a sonar sensor, and a lidar sensor.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 shows a network and a monitored area according to an embodimentof the present disclosure.

FIGS. 2A-2D show scenarios within the monitored area according to anembodiment of the present disclosure.

FIG. 3 shows a computing device according to an embodiment of thepresent disclosure.

FIG. 4 shows a video feed malfunction detection process according to anembodiment of the present disclosure.

FIG. 5 shows a data encryption and transmission process according to anembodiment of the present disclosure.

FIG. 6 shows a data feed malfunction detection process according to anembodiment of the present disclosure.

DETAILED DESCRIPTION OF SEVERAL EMBODIMENTS

FIG. 1 shows a network 100 and a monitored area 110 according to anembodiment of the present disclosure. Monitored area 110 may be any areamonitored by one or more sensors. For example purposes, monitored area110 may be considered as an area adjacent to an ATM, although monitoredarea 110 may be any space. The one or more sensors may include camera120 and at least one additional sensor 130. Additional sensors 130 mayinclude, for example, a transceiver, a radar sensor, a sonar sensor, alidar sensor, and/or other types of sensors. Each sensor (e.g., camera120 and additional sensor(s) 130) may be configured to observe the areawhere a user interacts with the ATM and/or other areas surrounding theATM in the current example.

Sensors 120/130 may be configured to transmit data (e.g., video datafrom camera 120 and/or network/radar/sonar/lidar data from additionalsensor 130) to other devices. For example, sensors 120/130 may beconfigured to transmit data to server device 102 through network 100(e.g., the Internet or other wide area network) and/or to computerdevice 112 through a local network or connection.

Server device 102 and/or computer device 112 may be configured tomonitor data from sensors 120/130. For example, computer device 112 mayinclude monitoring service 114 and/or monitoring database 116.Monitoring service 114 may include hardware, software, and/or firmwarefor presenting data from sensors 120/130 to a user (e.g., securitymonitor screens) and/or generating alerts (e.g., alerting onsitesecurity personnel of potential problems in monitored area 110).Monitoring database 116 may be configured to store data from sensors120/130 (e.g., archiving sensor footage so that it is available forreview in the event of a crime). Computer device 112 is depicted as asingle device including a single monitoring service 114 and monitoringdatabase 116 for ease of illustration, but those of ordinary skill inthe art will appreciate that computer device 112 may be embodied indifferent forms for different implementations. For example, computerdevice 112 may include a plurality of computers and/or a plurality ofmonitoring service 114 and/or monitoring database 116 instances.Computer device 112 may be local to monitored area 110 as shown, or insome embodiments computer device 112 may be situated remotely and/or maycommunicate with sensors 120/130 through network 100 or another network.

Server device 102 may include playback service 104 and/or playbackdatabase 106. Playback service 104 may include hardware, software,and/or firmware for presenting data from sensors 120/130 to a user(e.g., security monitor screens). Playback database 116 may beconfigured to store data from sensors 120/130 (e.g., archiving sensorfootage so that it is available for review in the event of a crime).Server device 102 is depicted as a single server including a singleplayback service 104 and playback database 106 for ease of illustration,but those of ordinary skill in the art will appreciate that serverdevice 102 may be embodied in different forms for differentimplementations. For example, server device 102 may include a pluralityof servers and/or a plurality of playback service 104 and/or playbackdatabase 106 instances. In general, server device 102 may communicatewith sensors 120/130 through network 100 or another network.

FIGS. 2A-2D show scenarios within monitored area 110 according to anembodiment of the present disclosure. For example, FIG. 2A shows ascenario wherein an object (e.g., a bank robber) 200 is within monitoredarea 110. In this scenario, camera 120 and each additional sensor 130may detect object 200 and send data to monitoring service 114.Monitoring service 114 may display the data and/or store the data inmonitoring database 116. In this scenario, monitoring service 114 mayshow object 200 on a monitor receiving the video feed and/or may provideadditional indicia of the object (e.g., reporting from the additionalsensor(s) 130).

FIG. 2B shows a scenario similar to that of FIG. 2A except that in FIG.2B, camera 120 has been disabled. For example, the bank robber oranother individual may have previously tampered with camera 120. Camera120 may have been disabled or may have been adjusted to provide what mayappear to be a normal video feed, but is not an actual feed of monitoredarea 110. For example, camera 120 may be trained upon a still image ofmonitored area 110 without object 200 inside, or camera 120 may bemodified to provide looped footage of monitored area 110 without object200 inside. Accordingly, monitoring service 114 may not show object 200on a monitor receiving the video feed. However, as described in detailbelow, additional sensor(s) 130 may detect object 200. Monitoringservice 114 may report the presence of object 200 and/or may report aproblem with camera 120 based on the data supplied by additionalsensor(s) 130.

In another example, FIG. 2C shows a scenario wherein an object (e.g., abank robber) 200 is within monitored area 110. In this scenario, camera120 and each additional sensor 130 may detect object 200 and send datato server device 102 through network 100. Playback service 104 maydisplay the data and/or store the data in playback database 106. In thisscenario, playback service 104 may show object 200 on a monitorreceiving the video feed and/or may provide additional indicia of theobject (e.g., reporting from the additional sensor(s) 130).

FIG. 2D shows a scenario similar to that of FIG. 2C except that in FIG.2D, data from camera 120 has been replaced with data from an alternatecamera feed 120X. For example, the bank robber or another individual mayhave previously discovered network traffic from camera 120 and routedalternate camera feed 120X to server device 102 in its place. Alternatecamera feed 120X may provide what may appear to be a normal video feed,but is not an actual feed of monitored area 110. For example, alternatecamera feed 120X may be a feed of a still image of monitored area 110without object 200 inside, or alternate camera feed 120X may providelooped footage of monitored area 110 without object 200 inside.Accordingly, playback service 104 may not show object 200 on a monitorreceiving the video feed. However, as described in detail below, datafrom camera 120 may be encoded in a way that allows playback service 104to determine that it is genuine. Playback service 104 may report aproblem with camera 120 based on discrepancies in the encoding of thedata from alternate camera feed 120X.

FIG. 3 is a block diagram of an example computing device architecture,for example an architecture for server device 102 and/or computer device112, that may implement various features and processes as describedherein. The server device 102 and/or computer device 112 may beimplemented on any electronic device that runs software applicationsderived from compiled instructions, including without limitationpersonal computers, servers, smart phones, media players, electronictablets, game consoles, email devices, etc. Note that while a singleserver device 102 and/or computer device 112 is illustrated, the samearchitecture may be applied to multiple devices, and at least oneseparate server device 102 and/or computer device 112 may be provided insome cases. In some implementations, the server device 102 and/orcomputer device 112 may include one or more processors 302, one or moreinput devices 304, one or more display devices 306, one or more networkinterfaces 308, and one or more computer-readable mediums 310. Each ofthese components may be coupled by bus 312.

Display device 306 may be any known display technology, including butnot limited to display devices using Liquid Crystal Display (LCD) orLight Emitting Diode (LED) technology. Processor(s) 302 may use anyknown processor technology, including but not limited to graphicsprocessors and multi-core processors. Input device 304 may be any knowninput device technology, including but not limited to a keyboard(including a virtual keyboard), mouse, track ball, and touch-sensitivepad or display. Bus 312 may be any known internal or external bustechnology, including but not limited to ISA, EISA, PCI, PCI Express,NuBus, USB, Serial ATA or FireWire. Computer-readable medium 310 may beany medium that participates in providing instructions to processor(s)302 for execution, including without limitation, non-volatile storagemedia (e.g., optical disks, magnetic disks, flash drives, etc.), orvolatile media (e.g., SDRAM, ROM, etc.).

Computer-readable medium 310 may include various instructions 314 forimplementing an operating system (e.g., Mac OS®, Windows®, Linux). Theoperating system may be multi-user, multiprocessing, multitasking,multithreading, real-time, and the like. The operating system mayperform basic tasks, including but not limited to: recognizing inputfrom input device 304; sending output to display device 306; keepingtrack of files and directories on computer-readable medium 310;controlling peripheral devices (e.g., disk drives, printers, etc.) whichcan be controlled directly or through an I/O controller; and managingtraffic on bus 312. Network communications instructions 316 mayestablish and maintain network connections (e.g., software forimplementing communication protocols, such as TCP/IP, HTTP, Ethernet,telephony, etc.).

Security service instructions 318 can include instructions that performmonitoring and/or security functions as described herein. For example,security service instructions 318 may provide playback service 104,monitoring service 114, and/or other services as described herein.

Application(s) 320 may be an application that uses or implements theprocesses described herein and/or other processes. The processes mayalso be implemented in operating system 314.

The described features may be implemented in one or more computerprograms that may be executable on a programmable system including atleast one programmable processor coupled to receive data andinstructions from, and to transmit data and instructions to, a datastorage system, at least one input device, and at least one outputdevice. A computer program is a set of instructions that can be used,directly or indirectly, in a computer to perform a certain activity orbring about a certain result. A computer program may be written in anyform of programming language (e.g., Objective-C, Java), includingcompiled or interpreted languages, and it may be deployed in any form,including as a stand-alone program or as a module, component,subroutine, or other unit suitable for use in a computing environment.

Suitable processors for the execution of a program of instructions mayinclude, by way of example, both general and special purposemicroprocessors, and the sole processor or one of multiple processors orcores, of any kind of computer. Generally, a processor may receiveinstructions and data from a read-only memory or a random access memoryor both. The essential elements of a computer may include a processorfor executing instructions and one or more memories for storinginstructions and data. Generally, a computer may also include, or beoperatively coupled to communicate with, one or more mass storagedevices for storing data files; such devices include magnetic disks,such as internal hard disks and removable disks; magneto-optical disks;and optical disks. Storage devices suitable for tangibly embodyingcomputer program instructions and data may include all forms ofnon-volatile memory, including by way of example semiconductor memorydevices, such as EPROM, EEPROM, and flash memory devices; magnetic diskssuch as internal hard disks and removable disks; magneto-optical disks;and CD-ROM and DVD-ROM disks. The processor and the memory may besupplemented by, or incorporated in, ASICs (application-specificintegrated circuits).

To provide for interaction with a user, the features may be implementedon a computer having a display device such as a CRT (cathode ray tube)or LCD (liquid crystal display) monitor for displaying information tothe user and a keyboard and a pointing device such as a mouse or atrackball by which the user can provide input to the computer.

The features may be implemented in a computer system that includes aback-end component, such as a data server, or that includes a middlewarecomponent, such as an application server or an Internet server, or thatincludes a front-end component, such as a client computer having agraphical user interface or an Internet browser, or any combinationthereof. The components of the system may be connected by any form ormedium of digital data communication such as a communication network.Examples of communication networks include, e.g., a telephone network, aLAN, a WAN, and the computers and networks forming the Internet.

The computer system may include clients and servers. A client and servermay generally be remote from each other and may typically interactthrough a network. The relationship of client and server may arise byvirtue of computer programs running on the respective computers andhaving a client-server relationship to each other.

One or more features or steps of the disclosed embodiments may beimplemented using an API. An API may define one or more parameters thatare passed between a calling application and other software code (e.g.,an operating system, library routine, function) that provides a service,that provides data, or that performs an operation or a computation.

The API may be implemented as one or more calls in program code thatsend or receive one or more parameters through a parameter list or otherstructure based on a call convention defined in an API specificationdocument. A parameter may be a constant, a key, a data structure, anobject, an object class, a variable, a data type, a pointer, an array, alist, or another call. API calls and parameters may be implemented inany programming language. The programming language may define thevocabulary and calling convention that a programmer will employ toaccess functions supporting the API.

In some implementations, an API call may report to an application thecapabilities of a device running the application, such as inputcapability, output capability, processing capability, power capability,communications capability, etc.

FIG. 4 shows a video feed malfunction detection process 400 according toan embodiment of the present disclosure. Computer device 112 may performprocess 400 to determine whether video data being supplied by camera 120is giving a true representation of the monitored area 110. In someembodiments, server device 102 may perform process 400 and receive datafrom camera 120 and/or sensors 130 through network 100. Apart fromreceiving the data through network 100 rather than through a localconnection, server device 102 may perform process 400 similarly to thedepiction of computer device 112 performing process 400 as given below.

At 402, computer device 112 may receive data from sensors 130. Forexample, monitoring service 114 may continuously and/or repeatedlyreceive data feeds sensors 130. Sensors 130 may provide data includingrepresentations of monitored area 110. For example, a radar sensor mayprovide a radar representation of objects in monitored area 110. A sonarsensor may provide a sonar representation of objects in monitored area110. A lidar sensor may provide a lidar representation of objects inmonitored area 110. In some embodiments, another sensor 130 may be awireless transceiver configured to detect the presence of a mobiledevice in monitored area 110. For example, a mobile device with abanking app installed thereon may be configured to communicate with anATM in monitored area 110, and a transceiver sensor 130 may report thiscommunication to monitoring service.

At 404, computer device 112 may generate a map of monitored area 110.For example, monitoring service 114 may use data from sensors 130 togenerate a map indicating objects detected by sensors 130 withinmonitored area 110. Monitoring service 114 may use any relevantdetection methodology (e.g., object detection hardware, software, and/orfirmware for radar, sonar, and/or lidar systems) to build the map.

At 406, computer device 112 may detect objects within the map. Forexample, monitoring service 114 may compare the map withpreviously-obtained map data stored in monitoring database 116. Thestored map data may include one or more maps generated from sensor 130data during times when monitored area 110 is known to be empty, forexample. Monitoring service 114 may be able to detect differences in thecurrent map as compared with the previously stored data. If differencesare detected, monitoring service 114 may determine that one or moreobjects are present in monitored area 110. In some embodiments,monitoring service 114 may be able to detect quantity, position, and/orsize of the objects. For transceiver data, monitoring service 114 mayuse GPS coordinates or other location indicators provided by a mobiledevice in communication with the transceiver to determine whether themobile device is within monitored area 110.

At 408, computer device 112 may receive data from camera 120. Forexample, monitoring service 114 may continuously and/or repeatedlyreceive a data feed from camera 120. Camera 120 may provide video dataincluding a visual representation of monitored area 110. In someembodiments, monitoring service 114 may receive the same video feed asis sent to a video monitor for security personnel locally and/or toserver device 102 for display by playback service 104.

At 410, computer device 112 may compare the video data with the map.Monitoring service 114 may thereby determine whether objects detected at406 are also shown by the video data. To make this comparison,monitoring service 114 may detect objects in the visual data, forexample through the use of convolutional neural network processingand/or other known visual object detection techniques. In someembodiments, monitoring service 114 may detect quantity, position,and/or size of objects in the video data. In some embodiments,monitoring service 114 may construct a map of objects from the videodata similar to the map(s) generated from other sensor 130 data at 406.

At 412, computer device 112 may determine whether there are problemswith camera 120 based on the comparing at 410. For example, if theobjects detected at 406 are the same objects detected in the video feed,the video feed may be accurate. However if monitoring service 114detects an object at 406 that is not detected in the video data,monitoring service 114 may determine that the video feed does notinclude a true representation of monitored area 110. Monitoring service114 may take one or more actions in response, such as alerting a user,locking down or otherwise disabling access to an ATM in monitored area110, locking access to monitored area 110 (e.g., automatically locking adoor), etc.

FIG. 5 shows a data encryption and transmission process 500 according toan embodiment of the present disclosure. Computer device 112 may performprocess 500 to prepare video data from camera 120 for transmission toserver device 102 through network 100. By performing process 500,computer device 112 may enable server device 102 to detect tamperingwith the video data, which may occur during network 100 transmission,through process 600 as described below, for example.

At 502, computer device 112 may receive data from camera 120. Forexample, monitoring service 114 may continuously and/or repeatedlyreceive a data feed from camera 120. Camera 120 may provide video dataincluding a visual representation of monitored area 110. In someembodiments, monitoring service 114 may receive the same video feed asis sent to a video monitor for security personnel locally.

At 504, computer device 112 may receive data from a digital rightsmanagement (DRM) service. For example, monitoring service 114 may be incommunication with a DRM server through network 100. Monitoring service114 may receive one or more keys (e.g., a public and private key pair)from the DRM server. Monitoring service 114 may request the keys bysending a request to DRM server and/or DRM server may send the keys tomonitoring service 114 periodically. The keys may change periodically,so DRM server may send keys as they change and/or monitoring service 114may request keys from time to time in order to ensure it has the currentkeys.

At 506, computer device 112 may encrypt the data from camera 120 usingthe keys received at 504. Monitoring service 114 may use the mostrecently received keys to encrypt the data to ensure that the data isencrypted with the keys currently being distributed by the DRM server.

At 508, computer device 112 may transmit the encrypted data over network100. For example, monitoring service 114 may send the encrypted data toserver device 102. Playback service 104 may attempt to decrypt the dataand, if successful, may display the video feed to a user, for example.The encryption may allow playback service 104 to detect tampering withthe video feed, as described below with respect to FIG. 6, for example.

FIG. 6 shows a data feed malfunction detection process 600 according toan embodiment of the present disclosure. Server device 102 may performprocess 600 to detect tampering with the video data, which may occurduring network 100 transmission from computer device 112, for example.Assuming that the video data has been prepared (e.g., according toprocess 500 as described above), process 600 may reveal whether or notthe video data has been altered.

At 602, server device 102 may receive encrypted video data. For example,playback service 104 may receive the encrypted video data transmitted at508 by monitoring service 114 performing process 500. Playback service104 may be configured to receive remotely gathered video data anddisplay the video data for a user, archive the video data in playbackdatabase 106, and/or perform other processing using the video data.

At 604, server device 102 may receive data from the digital rightsmanagement (DRM) service. For example, playback service 104 may be incommunication with the DRM server through network 100. Playback service104 may receive one or more keys (e.g., a public and private key pair)from the DRM server. Playback service 104 may request the keys bysending a request to DRM server and/or DRM server may send the keys toplayback service 104 periodically. The keys may change periodically, soDRM server may send keys as they change and/or playback service 104 mayrequest keys from time to time in order to ensure it has the currentkeys

At 606, server device 102 may attempt to decrypt the video data receivedat 602. For example, playback service 104 may use the most recentlyreceived keys to decrypt the video data. Because the video data wasencrypted using the most recent keys provided by the DRM server,playback service 104 may be able to decrypt the video data if it is thesame video data sent by monitoring service 114. In this case, playbackservice 104 may display the video data for a user, archive the videodata in playback database 106, and/or perform other processing using thevideo data. Process 600 may end if playback service 104 successfullydecrypts the video data.

At 608, server device 102 may detect a decryption error. For example, ifthe received video data was not encrypted using the keys most recentlyprovided by the DRM server, playback service 104 may not be applying thecorrect key at 606. In one specific example, the video data received at602 may be a loop of previously-transmitted video data that has beenintercepted by a third party. The previously-transmitted video data mayshow monitored area 110 empty (e.g., with no people visible). The thirdparty may create the loop and send it to playback service 104, in placeof the real video data, in an attempt to make it look like monitoredarea 110 is empty (e.g., allowing a person to enter monitored area 110undetected by playback service 104). However, the previously-transmittedvideo data may have been prepared using an expired key (e.g., because itwas prepared according to process 500 using an earlier key, looped, andretransmitted after the key changed). Thus, the most recent DRM key willnot work to decrypt the data.

At 610, server device 102 may determine that the video data has beenaltered. For example, playback service 104 may treat a failure todecrypt the data at 608 as an indication that the data has been altered.Playback service 104 may take one or more actions in response, such asalerting a user, locking down or otherwise disabling access to an ATM inmonitored area 110, locking access to monitored area 110 (e.g.,automatically locking a door), etc.

While various embodiments have been described above, it should beunderstood that they have been presented by way of example and notlimitation. It will be apparent to persons skilled in the relevantart(s) that various changes in form and detail can be made thereinwithout departing from the spirit and scope. In fact, after reading theabove description, it will be apparent to one skilled in the relevantart(s) how to implement alternative embodiments. For example, othersteps may be provided, or steps may be eliminated, from the describedflows, and other components may be added to, or removed from, thedescribed systems. Accordingly, other implementations are within thescope of the following claims.

In addition, it should be understood that any figures which highlightthe functionality and advantages are presented for example purposesonly. The disclosed methodology and system are each sufficientlyflexible and configurable such that they may be utilized in ways otherthan that shown.

Although the term “at least one” may often be used in the specification,claims and drawings, the terms “a”, “an”, “the”, “said”, etc. alsosignify “at least one” or “the at least one” in the specification,claims and drawings.

Finally, it is the applicant's intent that only claims that include theexpress language “means for” or “step for” be interpreted under 35U.S.C. 112(f). Claims that do not expressly include the phrase “meansfor” or “step for” are not to be interpreted under 35 U.S.C. 112(f).

1-20. (canceled)
 21. A fraud detection system comprising: a monitoringsystem comprising: a video camera configured to generate a video feed ofa monitored area; a monitoring processor in communication with the videocamera; a monitoring transceiver in communication with the monitoringprocessor; and a non-transitory monitoring memory in communication withthe monitoring processor, the monitoring memory being configured tostore instructions that, when executed by the monitoring processor,cause the monitoring processor to perform processing comprising:receiving, by the monitoring transceiver, a digital rights managementkey that changes over time; encrypting the video feed using the digitalrights management key; and transmitting, by the monitoring transceiver,the encrypted video feed; and a playback system comprising: a playbackprocessor; a playback transceiver in communication with the playbackprocessor; and a non-transitory playback memory in communication withthe playback processor, the playback memory being configured to storeinstructions that, when executed by the playback processor, cause theplayback processor to perform processing comprising: receiving, by theplayback transceiver, the encrypted video feed; receiving, by theplayback transceiver, the digital rights management key in a statecorresponding to a time at which the encrypted video feed was received;attempting to decrypt the encrypted video feed using the digital rightsmanagement key received by the playback transceiver; encountering adecryption error during the attempting; indicating that the encryptedvideo feed has been altered between the transmitting of the encryptedvideo feed and the receiving of the encrypted video feed due to thedecryption error; and locking access to at least one location due to theindicating.
 22. The system of claim 21, wherein: the receiving by themonitoring transceiver comprises receiving a plurality of new digitalrights management keys over time, wherein one of the digital rightsmanagement keys is valid at a given time; the encrypting comprises, atthe given time, using the digital rights management key that is valid.23. The system of claim 21, wherein the digital rights management key isprovided by a digital rights management server separate from themonitoring system and the playback system.
 24. A method of detectingvideo feed problems, the method comprising: receiving, at a processor, avideo feed of a monitored area; performing processing, by the processor,on the video feed, the processing comprising at least one of: attemptingto decrypt the video feed using a temporally-varying digital rightsmanagement key in a state corresponding to a time at which the encryptedvideo feed was received and encountering a decryption error during theattempting; and comparing the video feed with an output feed from asecondary sensor to determine that at least one object is indicated inthe monitored area by the output feed and not visible in the video feed,the comparing comprising: analyzing the output feed to determine that atleast one object is present in the monitored area, the analyzingcomprising comparing the output feed with a known empty map of themonitored area to determine that the at least one object is not among acomplete set of objects detected within the map and determining alocation of the at least one object relative to the map; analyzing thevideo feed to attempt to detect the at least one object in the videofeed, the analyzing comprising comparing the video feed with the knownempty map to determine that the at least one object is not detected inat least one portion of the video feed corresponding to a same portionof the monitored area as the at least one portion of the known emptymap; based on the analyzing of the video feed, failing to detect the atleast one object in the video feed due to the comparing indicating thatthe location of the at least one object is empty within the video feed;indicating, by the processor, a problem with the video feed, theindicating comprising at least one of: indicating that the encryptedvideo feed has been altered prior to the receiving of the encryptedvideo feed due to the decryption error; and indicating that the videocamera is malfunctioning due to the at least one object being notvisible in the video feed; and locking access to at least one locationdue to the indicating.
 25. The method of claim 24, further comprisingreceiving, at the processor, the temporally-varying digital rightsmanagement key from a digital rights management server.
 26. The methodof claim 24, further comprising: receiving, at the processor, the outputfeed; and analyzing, by the processor, the output feed to determine thatthe at least one object is present in the monitored area.
 27. The methodof claim 26, wherein the analyzing comprises: generating a map of thesecured area based on data in the output feed, the map comprising atleast one curvature in at least one portion of the map; comparing themap of the secured area to the known empty map of the monitored area;and detecting the at least one object based on the at one curvaturebeing different from a known curvature in at least one portion of theknown empty map corresponding to a same portion of the monitored area asthe at least one portion of the map.
 28. The method of claim 26, whereinthe analyzing comprises: generating a map of the secured area based ondata in the output feed, the map comprising at least one curvature in atleast one portion of the map; comparing the map of the secured area tothe known empty map of the monitored area; and detecting the at leastone object based on the at one curvature being not present in at leastone portion of the known empty map corresponding to a same portion ofthe monitored area as the at least one portion of the map.
 29. Themethod of claim 24, further comprising: receiving, at the processor, asignal from an external device indicating a position of the externaldevice within the monitored area; and determining that the externaldevice is not visible in a portion of the video feed corresponding to asame portion of the monitored area as the position of the externaldevice.
 30. The method of claim 24, wherein the analyzing of the videofeed comprises using a convolutional neural network to identify featureswithin the monitored area that are visible in the video feed.
 31. Themethod of claim 30, further comprising analyzing the output feed togenerate a map of the monitored area based on data in the output feed,the map indicating the at least one object in at least one portion ofthe map, wherein the comparing comprises comparing the identifiedfeatures with the map.
 32. The method of claim 24, wherein the secondarysensor comprises at least one of a transceiver, a radar sensor, a sonarsensor, and a lidar sensor.
 33. The method of claim 24, furthercomprising: receiving, by at least one transceiver in communication withthe processor, a digital rights management key that changes over time;encrypting, by the processor, the video feed using the digital rightsmanagement key; and transmitting, by the at least one transceiver, theencrypted video feed to at least one playback device.
 34. The method ofclaim 33, wherein the receiving comprises receiving a plurality of newdigital rights management keys over time, wherein one of the digitalrights management keys is valid at a given time.
 35. The method of claim34, wherein the encrypting comprises, at the given time, using thedigital rights management key that is valid.
 36. The method of claim 33,wherein the digital rights management key is provided by a digitalrights management server separate from the processor.